Hong Fook Mental Health Association as a health information custodian (often referred to as a “HIC”), is in compliance with the Personal Health Information Protection Act (2004) and the Quality of Care Information Protection Act (2004).
When personal health information is collected, it is treated with respect, and the privacy and confidentiality of the information is protected. Access to personal health information is available only to those: who need to know, who are involved in a client’s care, treatment, recovery and education, and who have received consent from the client or client’s decision maker.
Client health information may be maintained in paper and electronic records that are safely stored and are with electronic records, password and firewall protected. The software permits staff, students and consultants identified as involved in a client’s care, treatment, recovery and education to have access to the information.
Hong Fook posts notice of its privacy and information practices at all locations and on its website.
This Policy incorporates the key requirements of the Personal Health Information Protection Act, 2004 (PHIPA), the Quality of Care Information Protection Act, 2004, the Health Protection and Promotion Act, and includes the ten (10) principles of the Canadian Standards Association (CSA) Model Code for the Protection of Personal Information which are found in Schedule 1 of the Personal Information Protection and Electronic Documents Act, (PIPEDA).
The Policy and processes have been established to set out the principles and protocols to ensure the protection of personal information including personal health information. The following principles (and related functions and processes) underlie the Policy:
Principle 1 – Accountability for Personal Health Information
Principle 2 – Identifying Purposes for Collecting Personal Health Information
Principle 3 – Consent for Collection, Use, and Disclosure
Principle 4 – Limiting Collection of Personal Health Information
Principle 5 – Limiting Use, Disclosure and Retention of Personal Health Information
Principle 6 – Accuracy of Personal Health Information
Principle 7 – Safeguards
Principle 8 – Openness about Information Practices
Principle 9 – Individual Access to Personal Health Information
Principle 10 – Challenging Compliance with Information Practices
To access the full policy and procedure including the detailed information of the ten principles, its application and procedures, or issue any concerns, please contact the Privacy Officer at 416-493-4242 x 2239.